diff options
Diffstat (limited to 'roles/common/files/etc/systemd')
3 files changed, 59 insertions, 0 deletions
| diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service new file mode 100644 index 0000000..ee5afe3 --- /dev/null +++ b/roles/common/files/etc/systemd/system/bacula-fd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Bacula File Daemon service +After=network.target + +[Service] +Type=forking +PIDFile=/var/run/bacula/bacula-fd.9102.pid +StandardOutput=syslog +ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=read-only +ProtectSystem=full +PrivateTmp=yes +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/lib +ReadWriteDirectories=-/var/run/bacula + +[Install] +WantedBy=multi-user.target diff --git a/roles/common/files/etc/systemd/system/stunnel4.service b/roles/common/files/etc/systemd/system/stunnel4.service new file mode 100644 index 0000000..990e07b --- /dev/null +++ b/roles/common/files/etc/systemd/system/stunnel4.service @@ -0,0 +1,14 @@ +# This service is actually a systemd target, +# but we are using a service since targets cannot be reloaded. + +[Unit] +Description=SSL tunnel for network daemons (multi-instance-master) + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true +ExecReload=/bin/true + +[Install] +WantedBy=multi-user.target diff --git a/roles/common/files/etc/systemd/system/stunnel4@.service b/roles/common/files/etc/systemd/system/stunnel4@.service new file mode 100644 index 0000000..e53d29e --- /dev/null +++ b/roles/common/files/etc/systemd/system/stunnel4@.service @@ -0,0 +1,23 @@ +[Unit] +Description=SSL tunnel for network daemons (instance %i) +After=network.target nss-lookup.target +PartOf=stunnel4.service +ReloadPropagatedFrom=stunnel4.service + +[Service] +ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf +ExecReload=/bin/kill -HUP ${MAINPID} +KillSignal=SIGINT +TimeoutStartSec=120 +TimeoutStopSec=60 +Restart=on-failure + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ + +[Install] +WantedBy=multi-user.target | 
